Overview
Request 874772 accepted
- update to 3.9.24
Security Issues Fixed
* Low Severity - Low Impact - com_modules exposes module names (affecting Joomla! 3.0.0 through 3.9.23) More information »
* Low Severity - Moderate Impact - XSS in mod_breadcrumbs aria-label attribute (affecting Joomla! 3.9.0 through 3.9.23) More information »
* Low Severity - Moderate Impact - XSS in com_tags image parameters (affecting Joomla! 3.1.0 through 3.9.23) More information »
Bug fixes and Improvements
* Continuing to improve PHP 8 support #31628 #31537 #31536 #30921
* Solved performance issue with zip archives containing zip files #31514
* Removes deprecate feature-policy and adds the new Permissions Policy #30819
* Update joomla/image dependency #31663
* Fixed regression SMTP Settings Test #31724
* Fixed regression to save empty passwords in global configuration #31672
- Created by adrianSuSE
- In state accepted
- Package maintainers: adrianSuSE and lrupp
Request History
adrianSuSE created request
- update to 3.9.24
Security Issues Fixed
* Low Severity - Low Impact - com_modules exposes module names (affecting Joomla! 3.0.0 through 3.9.23) More information »
* Low Severity - Moderate Impact - XSS in mod_breadcrumbs aria-label attribute (affecting Joomla! 3.9.0 through 3.9.23) More information »
* Low Severity - Moderate Impact - XSS in com_tags image parameters (affecting Joomla! 3.1.0 through 3.9.23) More information »
Bug fixes and Improvements
* Continuing to improve PHP 8 support #31628 #31537 #31536 #30921
* Solved performance issue with zip archives containing zip files #31514
* Removes deprecate feature-policy and adds the new Permissions Policy #30819
* Update joomla/image dependency #31663
* Fixed regression SMTP Settings Test #31724
* Fixed regression to save empty passwords in global configuration #31672
lrupp accepted request
ok
@adrianSuSE: Maybe it is a good idea to mention CVE-2021-23123, CVE-2021-23124 and CVE-2021-23125 in
joomla.changes
so that there is a reference to these fixed security issues. Otherwise, as far as I'm concerned, this is ready to go and you may want to accept it (as a maintainer, it's really your call).Note that mentioning the CVE numbers in the .changes file, will create mifty links in the request, to easily check the contents.
@adrianSuSE, @lrupp: review reminder